HoChi-Minh – Security List Network™
http://seclist.us
Tue, 26 Sep 2017 17:13:28 +0000

IntRec-Pack : Intelligence and Reconnaissance Package/Bundle installer.
http://seclist.us/intrec-pack-intelligence-and-reconnaissance-packagebundle-installer.html
Fri, 15 Sep 2017 09:57:14 +0000

IntRec-Pack is a Bash script designed to download, install and deploy several quality OSINT, Recon and Threat Intelligence tools. Because it also manages the installation of the dependencies these programs need, it aims to be a comprehensive assistant for setting up your intelligence-gathering environment. Below is an overview of the tools and utilities it will help you set up.

Note:
Since the Online Resources feature employs functionality derived from Python, Selenium and the Mozilla Geckodriver, I have added some logic to the script that will automatically install the proper version of each component needed in order for the script to function as it should.

FakeAuth – Network attack framework made with arp-poison.
http://seclist.us/fakeauth-network-attack-framework-made-with-arp-poison.html
Thu, 07 Sep 2017 09:37:45 +0000

FakeAuth is a fake-authentication network attack framework written in Python 3 and built around ARP poisoning.

* Network Injection
+ Inject wireless deauthentication frames from wireless access points within a given basic service set, or within an extended service set, to capture a 4-way handshake, then perform local dictionary-based attacks against the captured .cap file.

* Media Access Control Address Checking
+ Check the current state of your media access control address by importing system-defined plugins such as fakeauth/network/check/mac_address to get status information about whether or not your MAC address is properly masked.

shellcarver – Carve shellcode within the memory using restrictive character set.
http://seclist.us/shellcarver-carve-shellcode-within-the-memory-using-restrictive-character-set.html
Mon, 28 Aug 2017 09:23:33 +0000

shellcarver carves shellcode within memory using a restrictive character set.

Purpose:
To calculate possible sub eax instruction sequences that help with carving code (or an encoder) into memory, given a list of “allowed” bytes, during exploitation. msfvenom’s -b option usually works well, but in this case manual encoding is required.

D0xk1t ~ Web-based OSINT and active reconnaissance suite.
http://seclist.us/d0xk1t-web-based-osint-and-active-reconaissance-suite.html
Mon, 21 Aug 2017 08:28:54 +0000

+ What is this?
D0xk1t is an open-source, self-hosted and easy-to-use OSINT and active reconnaissance web application for penetration testers. Based on the earlier command-line script, D0xk1t is now fully capable of conducting reconnaissance and penetration testing for security researchers who need a framework without the head-scratching.

+ Is this a website / webapp ?
Yes and no. In essence, it is not a typical website. D0xk1t is self-hosted: there is no server stack, cloud-based service, SaaS, etc. holding it up. You have the option of deploying D0xk1t on a local network, or of deploying your own instance on any infrastructure or technology you wish (although this is not recommended).

+ Is this free ?
Yes. D0xk1t will forever be open-source. If you wish to contribute, you can make a fork, add your changes, and send a pull request on GitHub.

$ git clone https://github.com/ex0dus-0x/D0xk1t && cd D0xk1t
$ pip install -r requirements.txt
$ python run.py
Open config.py. Here you will see all the environment variables that the application uses. There are three important fields you MUST be aware of if you plan to deploy to the web.
GOOGLEMAPS_API_KEY = "YOUR_API_KEY_HERE"
SECRET_KEY = 'SECRET_KEY_HERE'
Then open a browser at 127.0.0.1:5000.

# TCP parser
The program records each TCP connection into files that represent the data sent and received on each side of the connection.

Sniffer (Packet Trace Parser)

For each connection, we create three files in the current directory:
1. Metadata (e.g., “1.meta”): basic information about the connection, including:
* Initiator and responder IP address
* Initiator and responder port number
* Number of packets sent, in each direction
* Number of bytes sent, in each direction
* Number of duplicate packets detected, in each direction
* Whether the connection was closed before EOF was reached (4-way handshake)
2. Data from initiator (e.g., “1.initiator”): all the TCP payload data in the connection sent from the initiator to the responder, but only if the responder has acknowledged it and it is not a duplicate. Data in each subsequent packet in the connection is concatenated to the end of the file as it is acknowledged.
3. Data from responder (e.g., “1.responder”): all corresponding data sent from responder to initiator.

# Email parser
Records the SMTP email traffic in the packet trace, reconstructed from the TCP connections to mail servers.
For each email message sent to an SMTP server, it creates a file (e.g., “1.mail”) that contains:
* The IP addresses of the sender and receiver
* Whether the message was accepted or rejected by the server
* The message headers and body (if any)

# Cookie parser
Detects and parses cookies in HTTP traffic. Stores all the name/value pairs in one file for each connection (e.g., “1.cookie”).

It was originally designed and published in [1] and has since been standardised as the AFF4 Standard v1.0, which is available at https://github.com/aff4/Standard . This project is a work-in-progress implementation, providing two libraries, one in C/C++ and one in Python.

What is currently supported.

The focus of this implementation at present is reading images that conform to the AFF4 Standard v1.0. Canonical images are provided in the AFF4 Reference Images GitHub project at https://github.com/aff4/ReferenceImages .
+ Reading ZipFile style volumes.
+ Reading AFF4 Image streams using the deflate or snappy compressor.
+ Reading RDF metadata using Turtle (and in some instances YAML for backwards compatibility).

The caveat! (PLEASE READ): If you decide to use Hummelflug, please keep in mind the following important caveat: they are, more or less, a distributed denial-of-service attack in a fancy package and, therefore, if you point them at any server you don’t own you will be behaving unethically, have your Amazon Web Services account locked out, and be liable in a court of law for any downtime you cause.

Zeus – AWS Auditing & Hardening Tool.
http://seclist.us/zeus-aws-auditing-hardening-tool.html
Sun, 02 Jul 2017 20:15:46 +0000

Zeus is a powerful tool for AWS EC2 / S3 hardening best practices. It checks security settings according to the profiles the user creates and, at the user's request, changes them to the recommended settings based on the CIS AWS Benchmark.

Requirements
– Zeus is written as a Bash script using the AWS CLI and works on Linux/UNIX and OS X.
– Make sure that the AWS CLI tool is installed on the system and a profile is configured (aws configure).

Apparatus is a security framework to facilitate security analysis in IoT systems.
http://seclist.us/apparatus-is-a-security-framework-to-facilitate-security-analysis-in-iot-systems.html
Sat, 24 Jun 2017 22:36:54 +0000

Apparatus is a security framework to facilitate security analysis in IoT systems. To make the Apparatus framework easier to use, the ASTo app was created (ASTo stands for Apparatus Software Tool).

How can I use it?
A requirement for using ASTo is knowledge of the Apparatus framework. If you have the time and patience, the best way to understand the framework is to read some of the research papers that were written about it. If not, you can always read this wiki.
+ Apparatus: Reasoning About Security Requirements in the Internet of Things
+ ASTo: A Tool for Security Analysis of IoT Systems
Some of the features of ASTo have not been published yet, but I will try to add them as documentation here.

xf – an Educational Python penetration testing framework.
http://seclist.us/xf-an-educational-python-penetration-testing-framework.html
Sun, 18 Jun 2017 22:32:08 +0000

xf is a bunch of penetration testing tools. The author is not responsible for what people do with them. This is meant to be educational. It doesn’t cheat by simply running os.system() and using existing Unix commands, so it should in theory be cross-platform.

Dependencies:
+ Python 2.7.x
+ All Linux/Unix and Mac OS X supported.

Remote root exploits for the SAMBA CVE-2017-7494 vulnerability.
http://seclist.us/remote-root-exploits-for-the-samba-cve-2017-7494-vulnerability.html
Tue, 06 Jun 2017 22:55:15 +0000

Remote root exploit for the SAMBA CVE-2017-7494 vulnerability. This exploit is divided into two parts:
1. First, it compiles a payload called “implant.c” and generates a library (libimplantx32.so or libimplantx64.so) that changes to the root user, detaches from the parent process and spawns a reverse shell.
2. Second, it finds a writable share on the specified target host, uploads the library under a random name and tries to load it.

As long as the target is vulnerable and the payload matches the target operating system and architecture, the exploit is 100% reliable.